In our increasingly digital world, where we are all carrying around devices with continuous access to cloud-based systems in our pockets, security is of utmost importance. In other words, the exposure to hackers and identity thieves must be reduced through designing systems which are as secure as seemingly possible.
Therefore, Trovisio have chosen to utilize the great knowledge that’s outside our own company, through a responsible disclosure policy. By having a responsible disclosure policy, white-hat hackers (the good guys) will know where to report bugs and findings of importance so that black-hat hackers (the bad ones) can’t breach the security of the site. We offer a test environment for hackers to play around with to see if our system needs to be fixed in any way. This way, the production environment remains stable.
Trovisio have also chosen to reward hackers that are kind enough to report us their findings. We thank them in our hall of fame and offer them compensation in correlation with the importance of their findings.
This story (link below) was found by a Trovisio employee. We were very glad to see this white-hat hacker write about finding a bug related to resetting passwords in the Trovisio system, and about how the case was handled – all from writing to us, getting quick feedback and being kept in the loop until the bug was fixed.